AR Series Router Receives Malicious Attack and CPU Is Fully Used

Publication Date: 2012-07-27
Issue Description
An AR series router receives a malicious attack and CPU utilization reaches 100%.
Alarm Information
Check the fast forwarding table with the display ip fast-forwarding cache command; it shows many packets destined for port 445:
561:0   172.16.76.165  3816  172.16.133.107   445   6  Ethernet1  Ethernet1  1
561:1   172.16.76.168  1239   172.16.95.206   445   6  Ethernet1  Ethernet1  1
561:2   172.16.76.165  4879   172.16.144.48   445   6  Ethernet1  Ethernet1  1
561:3   172.16.76.165  3029  172.16.166.237   445   6  Ethernet1  Ethernet1  1
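
As an added example (not part of the original case), the following Python sketch tallies fast-forwarding cache rows by destination port and flags sources that contact several distinct hosts on the same port, which is the pattern visible in the rows above. The column order and the names parse_cache and summarize are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict

# The four sample rows shown on this page (output of
# "display ip fast-forwarding cache").
SAMPLE = """\
561:0   172.16.76.165  3816  172.16.133.107   445   6  Ethernet1  Ethernet1  1
561:1   172.16.76.168  1239   172.16.95.206   445   6  Ethernet1  Ethernet1  1
561:2   172.16.76.165  4879   172.16.144.48   445   6  Ethernet1  Ethernet1  1
561:3   172.16.76.165  3029  172.16.166.237   445   6  Ethernet1  Ethernet1  1
"""

# Assumed column order: index, src IP, src port, dst IP, dst port,
# IP protocol number, input interface, output interface, counter.
ROW = re.compile(
    r"^\s*\d+:\d+\s+(?P<src>\d+(?:\.\d+){3})\s+(?P<sport>\d+)\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\s+(?P<dport>\d+)\s+(?P<proto>\d+)\s+"
    r"(?P<in_if>\S+)\s+(?P<out_if>\S+)\s+(?P<count>\d+)\s*$"
)

def parse_cache(text):
    """Return one dict per well-formed cache row; skip headers and noise."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(m.groupdict())
    return rows

def summarize(rows, min_targets=2):
    """Count flows per (protocol, dst port) and list sources that reach
    at least min_targets distinct destinations on the same port."""
    per_port = Counter((int(r["proto"]), int(r["dport"])) for r in rows)
    targets = defaultdict(set)
    for r in rows:
        targets[(r["src"], int(r["dport"]))].add(r["dst"])
    fanout = {k: len(v) for k, v in targets.items() if len(v) >= min_targets}
    return per_port, fanout

if __name__ == "__main__":
    per_port, fanout = summarize(parse_cache(SAMPLE))
    for (proto, port), n in per_port.most_common():
        print(f"proto {proto} dst-port {port}: {n} flows")
    for (src, port), n in sorted(fanout.items(), key=lambda kv: -kv[1]):
        print(f"{src} -> {n} distinct hosts on port {port}")
```

Sources listed in the fan-out result are the internal hosts to inspect for infection, in addition to filtering the port on the router.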
Handling Process
Define an ACL filter rule:
acl number 3003
rule deny tcp source any destination any destination-port eq 445
rule deny udp source any destination any destination-port eq 445
Apply it on the uplink interface and downlink interface of the AR router:
interface eth 0/1
firewall packet-filter 3003 inbound
interface eth 0/1
firewall packet-filter 3003 inbound

CPU utilization of the router drops back to the normal range.
      
Root Cause
A virus attack causes many abnormal packets to be sent to the CPU, which drives CPU utilization high.
Suggestions
AR routers should be configured with an anti-virus ACL.
